Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2016-1000108 Open Redirect vulnerability in multiple products
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
yaws debian CWE-601
6.1
2019-12-10 CVE-2013-4184 Link Following vulnerability in multiple products
Perl module Data::UUID from CPAN version 1.219 is vulnerable to symlink attacks.
local
low complexity
data debian CWE-59
5.5
2019-12-06 CVE-2019-1551 Integer Overflow or Wraparound vulnerability in multiple products
There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
5.3
2019-12-05 CVE-2012-1115 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
6.1
2019-12-05 CVE-2012-1114 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action.
6.1
2019-12-05 CVE-2012-1105 Information Exposure vulnerability in multiple products
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory.
local
low complexity
apereo fedoraproject debian CWE-200
5.5
2019-12-05 CVE-2012-1104 Improper Privilege Management vulnerability in multiple products
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed.
network
low complexity
apereo debian CWE-269
5.3
2019-12-05 CVE-2013-0326 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
OpenStack nova base image permissions are world-readable.
local
low complexity
openstack debian CWE-732
5.5
2019-12-03 CVE-2015-7542 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.
network
low complexity
aquamaniac debian opensuse CWE-319
5.3
2019-12-03 CVE-2019-19536 Missing Initialization of Resource vulnerability in multiple products
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
low complexity
linux debian opensuse CWE-909
4.6